Like to have this plugin in your language?

Translations can be added very easily here. If you do, I can get you added as translation editor to approve the translations.

Screenshots

After activation, if SSL was detected, you can enable SSL.

View your configuration on the settings page.

Mixed content scan.

Installation

To install this plugin:

Make a backup!

Install your SSL certificate

Download the plugin

Upload the plugin to the wp-content/plugins directory,

Go to “plugins” in your WordPress admin, then click activate.

You will now see a notice asking you to enable SSL. Click it and log in again.

FAQ

Knowledge base

For more detailed explanations and documentation on redirect loops, deactivating, mixed content, errors, and so on, please search the documentation

Does the mixed content fixer make my site slower?

On a site where the source consists of about 60.000 characters, the delay caused by the mixed content fixer is about 0.00188 seconds. If this is too much for you, fix the mixed content manually and deactivate it in the settings.

Uninstalling Really Simple SSL

The plugin checks your certificate before enabling, but if, for example, you migrated the site to a non-ssl environment, you might get locked out of the back-end.
If you can’t deactivate, do not just remove the plugin folder to uninstall! Follow these instructions.

Mixed content issues

Most mixed content issues are caused by urls in css or js files.
For detailed instructions on how to find mixed content read this article.

Redirect loop issues

If you are experiencing redirect loops on your site, try these instructions.

Is the plugin multisite compatible?

Yes. There is a dedicated network settings page where you can switch between network activated SSL and per page SSL. In the dedicated pro for multisite plugin, you can override all site settings for SSL on the network level, and can activate and deactivate SSL in the network menu for each site.* Really Simple SSL maintains an extensive knowledge-base at https://www.really-simple-ssl.com.

2.5.25

2.5.24

Fix: On multisite, admin_url forced current blog URL’s over http even when the current blog was loaded over https. This will now only force http for other blog_urls than the current one, when they are on http and not https.

2.5.23

Tested up to WP 4.9

Added secure cookie notice

2.5.22

Changed mixed content fixer hook back from wp_print_footer_scripts to shutdown

2.5.21

Fixed double slash in paths to files

Fixed typo in activation notice.

Tweak: added option to not flush the rewrite rules

Fix: prevent forcing admin_url to http when FORCE_SSL_ADMIN is defined

2.3.5

2.3.4

Start detection and configuration only for users with “manage_options” capability

2.3.3

Fixed bug in force-deactivate script

2.3.2

Changed SSL detection so test page is only needed when not currently on SSL.

Some minor bug fixes.

2.3.1

Removed “activate ssl” option when no ssl is detected.

Optimized emptying of cache

Fixed some bugs in deactivation and activation of multisite

2.3.0

Gave more control over activation process by explicitly asking to enable SSL.

Added a notice if .htaccess is not writable

2.2.20

Fixed a bug in SSL detection

2.2.19

Changed followlocation in curl to an alternative method, as this gives issues when safemode or open_basedir is enabled.
Added dismissable message when redirects cannot be inserted in the .htaccess

2.2.18

Fixed bug in logging of curl detection

2.2.17

Security fixes in ssl-test-page.php

2.2.16

Bugfix with of insecure content fixer.

2.2.13

Added a check if the mixed content fixer is functioning on the front end
Fixed a bug where multisite per_site_activation variable wasn’t stored networkwide
Added clearing of wp_rocket cache thans to Greg for suggesting this
Added filter so you can remove the really simple ssl comment
Fixed a bug in the output buffer usage, which resolves several issues.
Added code so JetPack will run smoothly on SSL as well, thanks to Konstantin for suggesting this

2.2.12

To prevent lockouts, it is no longer possible to activate plugin when wp-config.php is not writable. In case of loadbalancers, activating ssl without adding the necessary fix in the wp-config would cause a redirect loop which would lock you out of the admin.

Moved redirect above the WordPress rewrite rules in the htaccess file.

Added an option to disable the fallback javascript redirection to https.

2.2.11

Brand new content fixer, which fixes all links on in the source of your website.

2.2.10

Roll back of mixed content fixer.

2.2.9

Improved the mixed content fixer. Faster and more effective.

2.2.8

Edited the wpconfig define check to prevent warnings when none are needed.

2.2.7

Extended detection of homeurl and siteurl constants in wp-config.php with regex to allow for spaces in code.